This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/da7V_Ge3OwJ-tptvN6P_P-82QWY.roa
File:                     da7V_Ge3OwJ-tptvN6P_P-82QWY.roa (raw, json)
Hash identifier:          LhRu3/JonoqXhl7X7FsOj5gA5Kow+TvLPdq0yyZ9ncU=
Subject key identifier:   75:AE:D5:FC:67:B7:3B:02:7E:B6:9B:6F:37:A3:FF:3F:EF:36:41:66
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       019B7B35F712C8D30FE9904D296C0B6D7ADC
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/da7V_Ge3OwJ-tptvN6P_P-82QWY.roa
Signing time:             Thu 01 Jan 2026 20:18:12 +0000
ROA not before:           Thu 01 Jan 2026 20:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61175
IP address blocks:        193.27.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f7:12:c8:d3:0f:e9:90:4d:29:6c:0b:6d:7a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  1 20:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75aed5fc67b73b027eb69b6f37a3ff3fef364166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:85:11:05:e0:4c:fd:8b:bd:60:05:a2:57:0f:
                    0d:d6:1f:41:ab:1e:11:b0:8b:b1:e0:0f:c9:4d:17:
                    ce:aa:9e:54:da:e0:91:0f:82:8d:26:48:d2:f9:d6:
                    c7:aa:13:4b:9a:67:93:d5:98:42:69:1d:5b:e7:8c:
                    89:d4:3d:4f:52:9b:04:3a:9e:3c:59:ed:c0:2f:65:
                    c6:e0:e4:58:27:55:c1:d3:39:af:56:42:fc:04:e3:
                    b5:d4:95:61:1d:a9:40:64:a3:89:a6:35:ca:62:9a:
                    74:dc:74:eb:5d:83:47:87:30:a1:b0:4f:2e:c9:36:
                    fa:a9:a8:62:b4:3c:11:1a:9e:3d:80:8c:31:20:46:
                    5c:54:aa:0d:fb:12:af:71:ac:be:ad:5e:93:95:2e:
                    bf:57:50:c4:2b:ef:cb:af:59:22:f0:a0:4d:bb:48:
                    2f:c0:8c:ba:b4:d0:31:af:09:da:26:cd:c6:18:6f:
                    e2:ce:be:5e:8a:59:c7:08:09:cd:11:ef:60:56:91:
                    a3:fc:ab:f7:a1:94:48:5f:12:73:ba:2a:bf:21:51:
                    a4:e3:1d:e4:80:19:d1:ae:96:0e:85:20:56:33:66:
                    6e:d6:4d:03:b2:32:83:83:6f:01:06:d4:2b:14:b7:
                    ae:15:31:16:65:b3:67:cb:c5:59:fd:38:a0:16:57:
                    13:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AE:D5:FC:67:B7:3B:02:7E:B6:9B:6F:37:A3:FF:3F:EF:36:41:66
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/da7V_Ge3OwJ-tptvN6P_P-82QWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:49:23:5b:8a:60:90:2c:e6:b4:c4:3f:b2:36:46:33:17:56:
         ae:3f:84:e4:cd:1f:d3:7d:be:75:01:e8:76:cf:8c:93:6d:4e:
         ee:ec:29:88:3b:a6:df:a5:80:55:84:f2:e7:26:6f:8b:6e:7c:
         ae:f3:72:9f:cc:23:48:15:6d:8f:6e:70:c1:94:ef:2e:53:04:
         ec:01:d0:45:ed:2a:ac:cc:4e:40:f7:5c:23:ef:c0:3b:5f:51:
         67:08:7b:0e:67:26:b4:a9:a3:9b:c3:fb:35:b0:b6:94:71:aa:
         13:ab:ae:57:a7:b6:e3:e5:ba:3e:98:10:93:12:e7:78:ad:8f:
         03:97:d7:95:3d:d8:a7:be:48:63:32:c9:16:44:a9:bb:88:e8:
         8a:6b:02:8f:be:4a:02:ce:03:ec:13:82:bb:5a:7a:3c:a3:c7:
         1b:70:e6:3d:30:8c:c0:6e:e7:5e:8b:5a:06:1c:90:08:08:42:
         70:91:e2:19:51:a1:6e:e5:f7:d5:c2:6a:1f:6b:9e:36:45:d9:
         ba:20:3f:6a:2f:eb:78:1d:35:a3:57:88:09:b2:f2:fe:dd:25:
         93:a8:3b:4b:99:e7:a1:99:8e:51:09:59:3e:00:46:f5:05:1a:
         55:63:78:2b:db:d6:a9:e0:e9:24:ef:28:a7:bb:a4:6b:66:e6:
         61:b1:fa:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfcSyNMP6ZBNKWwLbXrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjYwMTAxMjAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWFlZDVmYzY3YjczYjAyN2ViNjliNmYzN2EzZmYzZmVmMzY0MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4URBeBM/Yu9YAWiVw8N1h9Bqx4R
sIux4A/JTRfOqp5U2uCRD4KNJkjS+dbHqhNLmmeT1ZhCaR1b54yJ1D1PUpsEOp48
We3AL2XG4ORYJ1XB0zmvVkL8BOO11JVhHalAZKOJpjXKYpp03HTrXYNHhzChsE8u
yTb6qahitDwRGp49gIwxIEZcVKoN+xKvcay+rV6TlS6/V1DEK+/Lr1ki8KBNu0gv
wIy6tNAxrwnaJs3GGG/izr5eilnHCAnNEe9gVpGj/Kv3oZRIXxJzuiq/IVGk4x3k
gBnRrpYOhSBWM2Zu1k0DsjKDg28BBtQrFLeuFTEWZbNny8VZ/TigFlcTnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWu1fxntzsCfrabbzej/z/vNkFmMB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEvZGE3Vl9HZTNPd0otdHB0dk42UF9QLTgyUVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRvlMA0G
CSqGSIb3DQEBCwUAA4IBAQCLSSNbimCQLOa0xD+yNkYzF1auP4TkzR/Tfb51Aeh2
z4yTbU7u7CmIO6bfpYBVhPLnJm+Lbnyu83KfzCNIFW2PbnDBlO8uUwTsAdBF7Sqs
zE5A91wj78A7X1FnCHsOZya0qaObw/s1sLaUcaoTq65Xp7bj5bo+mBCTEud4rY8D
l9eVPdinvkhjMskWRKm7iOiKawKPvkoCzgPsE4K7Wno8o8cbcOY9MIzAbudei1oG
HJAICEJwkeIZUaFu5ffVwmofa542Rdm6ID9qL+t4HTWjV4gJsvL+3SWTqDtLmeeh
mY5RCVk+AEb1BRpVY3gr29ap4Okk7yinu6RrZuZhsfqM
-----END CERTIFICATE-----